CVE-2005-3788 — Race Condition in Cisco Adaptive Security Appliance Software

3 documents3 sources

Severity

5.4MEDIUMNVD

EPSS

1.2%

top 20.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Adaptive Security Appliance Software

Timeline

PublishedNov 24

Latest updateMay 1

Description

Race condition in Cisco Adaptive Security Appliance (ASA) 7.0(0), 7.0(2), and 7.0(4), when running with an Active/Standby configuration and when the failover LAN interface fails, allows remote attackers to cause a denial of service (standby firewall failure) by sending spoofed ARP responses from an IP address of an active firewall, which prevents the standby firewall from becoming active, aka "failover denial of service."

CVSS vector

AV:N/AC:H/C:N/I:N/A:CExploitability: 4.9 | Impact: 6.9

Affected Packages1 packages

▶NVDcisco/adaptive_security_appliance_software7.0\(0\), 7.0\(2\), 7.0\(4\)+2

🔴Vulnerability Details

GHSA

GHSA-2qpc-3frw-rxpf: Race condition in Cisco Adaptive Security Appliance (ASA) 7↗2022-05-01

▶

CVEList

CVE-2005-3788: Race condition in Cisco Adaptive Security Appliance (ASA) 7↗2005-11-24

▶